In 2016, cybercrime-related financial loss exceeded $1.3 billion in the U.S., according to an FBI study. And it affects many industries — as much as 10 percent of the $80 billion+ digital advertising spend (2017 figures) is expected to be lost due to fraud. Media and other agencies that gain revenue from online advertising and publishing revenue shoulder a big chunk of this statistic.
Ad tech cybersecurity startup DEV/CON DETECT addresses the gap in security and revenue protection for these agencies. A veteran of the publishing and digital advertising industry, co-founder and CEO Maggie Louie saw the alarming issue after she was brought in as an advisor at a publishing company.
“I started at the company after I caught a hacker who had exploited a company that he was working for,” says Louie. “Within 24 hours, I had figured out that their internal developer had hijacked all of their tags and was diverting the revenue to his own accounts. He had stole hundreds of thousands of dollars over eight months. We were able to detect that and help law enforcement actually get an indictment and a prosecution.”
The hacker was indicted for $200,000 of theft and money laundering, says Louie.
“It was that discovery that led me to start looking to see if this was a problem across the industry,” she says.
DEV/CON helps publishers and media companies detect any vulnerabilities in their advertising, including online ad fraud and clickjacking, that divert digital ad revenue elsewhere.
In December 2017, DEV/CON raised a $1.29 million seed round led by France and San Francisco-based Newfund’s investment. The startup team, led by Louie and CTO and co-founder Josh Summit, also recently expanded from Memphis to Atlanta after an acceptance into ATDC Signature portfolio to access the city’s strong cybersecurity industry and key players who can help grow their platform.
Louie shares more about the ad tech cybersecurity industry, the current fraud trends within the publishing industry, and why they expanded into Atlanta for their headquarters.
How does cybersecurity apply to the ad tech industry?
Other companies who are in this space, they define that as ad quality and traffic verification. What that means is that traditionally, they provide advertisers with some reconciliation of how much traffic their ads got that was just bot traffic, not human traffic, so they don’t end up paying for that. They also will provide some ad quality information around spamming ads that might be unattractive or creating latency.
We’re redefining the space in that we do address those problems, but we are very much involved in creating transparency in the industry of tags, and where the revenue is going; also what the behaviors are, the criminal activities behind some of these malicious codes, and being able to detect those threats and remove them from the ecosystem.
We combined to create this intersection between what’s happening on the technical side of ad tech fraud and what’s happening in cybersecurity. We’re leveraging our two [areas of] expertise to attack the problem in a way that no one else in the industry is.
What are some of the threats that DEV/CON detects and prevents?
Some of the really most important things that we do, aside from detecting criminal activity, is also being able to find and stop popups, mobile popups and desktop popups. This is a growing problem for publishers because they don’t want those popups popping up on their site; neither does their audience. But they don’t have control because people are sneaking into the system and injecting them in between the publisher and the reader. Our software is great at finding that and stopping it.
Latency and ad quality are another big piece of what we do. It’s slowing the ad calls from other networks. You’re actually losing money by trying to monetize your site with these networks. That’s very important to publishers, getting their yield optimization correct.
A third really big piece of what we do is being able to provide transparency into how each network is monetized in the site. Typically, publishers make a deal with the network, for example $4 CPM (cost per thousand eyeballs). What that is supposed to mean is that they are working, always, to get you $4 for every thousand impressions they give you.
What really happens is they type in high-end networks that might even yield as high as $8, but then they average that down by filling a lot of low ends, like $2, $1, 50 cents. What that does is create a lot of latency, a lot of technical problems, but it also gives them a cut of that percent of revenue you’re making from low-end inventory that you could be selling yourself. You don’t want to pay a premium partner to go sell your low-end stack inventory.
Our platform provides you transparency into every sub-partner that your network is working with, so that you can, at a glance, see if they are working with other networks at the low end that you’re working with, and that actually could be creating competition for you in selling that low inventory directly.
What’s the barrier of entry for the publisher to integrate your software?
There’s very little barrier of entry. We don’t need any access or any integration whatsoever to provide our continuous monitoring. Our yield dashboard, which is what incorporates all of the security code information and correlates that back to your actual revenue, that is very minimal integration. We have an ability to go into our platform and simply log into those accounts. It will automatically adjust the data feed, so we can put that in the view.
What’s your revenue model?
It’s a low monthly fee per website. It’s higher if you have just one or two websites, but as you get beyond five websites and plus with enterprise companies, if you have more than 100 websites, then we’re going to work with you. Anything above 10, we start to model it very differently so that we can accommodate you across your entire suite of sites.
What kind of publishers are you going after as your target audience?
Typically, a site that has 500 page views or more is a potential customer. It’s a fairly low threshold, but we estimate at roughly five ads per page. If you’ve got 500,000 page views per month, you’re generating 2.5 million impressions per month. That’s at the point that it’s pretty monetizable within the structure of ROCs. You can see dramatic ROI still, at that point, even if you’re only monetizing your site to $7500 a month, we can increase your revenue and your site performance to an extent that it’s worth it to pay the fractional fee that we have for our services.
We’ve actually been fairly fortunate in that we’ve all been in the industry for a long time. Just our channel partners and our outreach to our industry network has been the core focus right now, as we’ve just really begun building our business. We just finished our funding round. We are now at a stage where we have a good number of customers and in the next two months we’re focused on scale. And then we’ll start more of a heavy marketing campaign.
What prompted you to add a presence in Atlanta and move your headquarters here?
We have our business team based in Atlanta and then we also have teams based in Memphis. The reason we decided to expand our company headquarters out of Atlanta was because of the growth in cybersecurity here. The community is so strong. You have so many great leaders in cyber, like Tom Noonan. You have VMware here. And then within the colleges, you’ve got programs developing. We feel like sourcing talent will be easier for us here, as well.
The support from groups like ATDC and Engage, especially — this is just a very strong entrepreneurial community and a very strong cyber center. We feel very excited about how Atlanta’s going to continue to grow as a cyber mecca. We feel like this is the best place for us to anchor.